US20140015673A1 - Secure peripheral connecting device - Google Patents

Publication number: US20140015673A1
Authority: US (United States)
Prior art keywords: user, secure, peripheral, state, usb
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: US13/548,340
Other versions: US8922372B2 (en)
Inventor: Aviv Soffer
Current Assignee: High Sec Labs Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: High Sec Labs Ltd
Application filed by High Sec Labs Ltd
Priority to US13/548,340 (patent US8922372B2)
Priority to EP13176151.2A (patent EP2685387B1)
Priority to CA2820981A (patent CA2820981C)
Publication of US20140015673A1
Assigned to HIGH SEC LABS LTD: assignment of assignors interest (see document for details). Assignors: SOFFER, AVIV
Application granted
Publication of US8922372B2
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/40 Bus structure
    • G06F13/4063 Device-to-bus coupling
    • G06F13/4068 Electrical coupling

Definitions

  • said switches are capable of coupling said peripheral device to a controller for prequalification of said peripheral device.
  • the device is further comprising: a selector; USB multiplexers; a plurality of computer interfaces USB plugs, each capable of interfacing the device with a different coupled computer, wherein said selector is capable of controlling said USB multiplexers to couple a selected coupled computer to said peripheral device.
  • the device further comprising a USB hub, capable of monitoring the status of said peripheral device interface.
  • the USB hub is capable of detecting and reporting to the microcontroller events related to said status of said device interface selected from the group consisting of: peripheral device connection; peripheral device reset; and peripheral device disconnection, and wherein said microcontroller is capable of controlling said USB multiplexers for coupling said peripheral device to a controller for prequalification of said peripheral device when an event related to said status of said device interface was detected.
  • a secure peripheral connecting device comprising: at least one computer interface, capable of interfacing the device with a coupled computer; at least one USB Audio CODEC; at least one analog interfaces, capable of interfacing the device with a user audio peripheral device; a user switch; an indicator element; switches; and a controller, wherein: user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by: enabling transfer of data to and from said user peripheral device and said coupled computer; and turning on said indicator element, and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by: disabling transfer of data to and from said user peripheral device and said coupled computer; and changing the state of said indicator element.
  • the operational state is maintained as long as said user switch is activated, and the device returns to said secure state after said user
  • the controller is capable of maintaining the device in said operational state for a predefined time interval after said user switch was activated.
  • the switches are further comprising a switch capable of disabling power to said coupled peripheral device when the device is in said secure state.
  • the device is further comprising an active anti-tampering function.
  • a short activation of said user switch returns the device to said secure state
  • a long activation of said user switch extends the time interval of said operational state
  • the predefined time interval is adjustable by the user.
  • the predefined time interval is adjustable by the user using at least one of: PC programming, keyboard entries, DIP switches, at least one trimmer, a rotary encoder, and configuration resistors.
  • the device is further comprising: a selector
  • the device is comprising a mute switch, controllable by said controller and connected to MIC_MUTE discrete input of said USB audio CODEC,
  • Yet another aspect of the current invention is to provide a secure peripheral connecting device comprising: at least one computer interface capable of interfacing the device with a coupled computer, wherein said computer interface comprises at least one analog audio connector; at least one peripheral device interface, capable of interfacing the device with a user peripheral device, wherein said peripheral device interface comprises at least one analog audio connector; a user switch; an indicator element; switches; and a controller, wherein: user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by: enabling transfer of signals to and from said user peripheral device and said coupled computer; and turning on said indicator element, and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by: disabling transfer of signals to and from said user peripheral device and said coupled computer; and changing the state of said indicator element.
  • the device is further comprising a buffer amplifier, capable of transmitting analog signal only in the direction to said peripheral device.
  • FIG. 1 illustrates a high-level block-diagram of a prior-art computer desktop microphone peripheral device having internal USB audio CODEC and USB interface with the computer.
  • FIG. 2 illustrates a high-level block-diagram of an exemplary method and embodiment of the present invention having an illuminated push-button and timer.
  • FIG. 3 illustrates a high-level block-diagram of an exemplary method and embodiment of the present invention having an internal audio CODEC function and switched USB.
  • FIG. 4 illustrates a high-level block-diagram of an exemplary method and embodiment of the present invention having an internal audio CODEC function and switched audio inputs/outputs.
  • FIG. 5 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having a prequalification function.
  • FIG. 6 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having a prequalification function, USB hub for port monitoring and multiplexer to enable connection to multiple computers.
  • FIG. 7 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having an analog audio switching function.
  • the functional blocks are not necessarily indicative of the division between hardware circuitry.
  • one or more of the functional blocks e.g., processors or memories
  • the programs may be stand alone programs, may be incorporated as subroutines in an operating system, may be functions in an installed software package, and the like.
  • FIG. 1 illustrates a block diagram presentation of a prior-art computer desktop microphone device implementation 10 having a USB (Universal Serial Bus) computer interface cable 5 coupled to the computer through USB Type-A plug 4.
  • Electret microphone capsule 8 is installed on a flexible goose neck or plastic boom, which is a hollow tube used to route microphone cable 6.
  • Microphone cable 6 is coupled to the USB Audio CODEC chip 7, where analog-to-digital conversion is performed.
  • a single pole switch 3 to enable user On-Off control of the microphone activity, typically through the switching of a USB CODEC line called MIC_MUTE. Once this line is asserted, the USB CODEC mutes the microphone output to the coupled computer.
  • A typical example of a USB Audio CODEC chip is the PCM2906B, Texas Instruments' single-chip stereo audio CODEC with USB interface. Many silicon vendors offer similar solutions with different functions and audio quality levels.
  • This computer desktop microphone is a good example of a user peripheral device having severe security vulnerabilities.
  • the on-off switch 3 may be left on for long periods of time by the user. It may also be turned on by a modified device driver without user action or awareness. Since it lacks some critical security functions as mentioned above, it is regarded as an unsecure device. Its use in a secure environment, where confidential discussions are taking place, is risky.
  • FIG. 2 illustrates a high-level block diagram of a secure peripheral device 20 according to an exemplary embodiment of the current invention.
  • Secure peripheral device 20 has a USB interface cable 5, coupled with the coupled computer (not shown here).
  • The USB interface includes the two bi-directional data lines 5a and 5b and the 5V power line 5c (ground line not shown here).
  • the two bi-directional data lines 5a and 5b are coupled to switch elements 9a and 9b respectively to enable isolation of the connected USB device 24 from the coupled computer when the device is in secure state.
  • An additional optional power switch 9c may be added to switch the USB +5V power line 5c supply to the connected user peripheral device 24 when the device is in secure state.
  • a timer in microcontroller 32 that causes the following events through line 13 :
  • elements 9x can be a relay, solid state matrix, multiplexer or any other circuitry that is capable of isolating the communication protocol in use (USB in this example).
  • microcontroller 32 may be replaced here and in the next figures with discrete or integrated electronic circuitry that performs the required timing logic without running code. For example, it is possible to design such a function using the industry standard NE555 timer integrated circuit. It is also possible to implement such circuitry with an FPGA (Field Programmable Gate Array) or PLD (Programmable Logic Device).
  • the preprogrammed time interval is set to 20 to 60 seconds during device production or through field programming means such as DIP switches or USB programming by computer application.
  • the time interval timer will restart and extend the operational state.
  • the blue LEDs in element 34 start to blink or change illumination color or intensity to indicate that the device time interval is about to expire.
  • Another operating mode possible with the device 20 of the current invention is Push-To-Talk mode.
  • In this mode, when the user presses the push-button 33, the device switches to operating state. Once the push-button 33 is released, the device switches into secure state.
  • This mode of operation may be useful for audio (speech) applications operating in half-duplex mode.
  • All device circuitry is normally powered by the connected computer through the USB power line 5c and line 2.
  • the secure peripheral device 20 is optionally further equipped with active anti-tampering function 38.
  • This function uses a low power microcontroller or discrete components to sense a mechanical intrusion attempt through a sensor such as switch 40 that is coupled to the device enclosure 11.
  • switch 40 is interrupted, the anti-tampering function 38 senses this transition and triggers a chain of events through line 30 that cause the following effects:
  • security microcontroller 32 and anti-tampering function 38 are powered by coupled computer through the USB interface supply 2 .
  • For drawing clarity these power lines were omitted from the drawings.
  • Coin battery or super-capacitor 36 provides backup power for the anti-tampering function 38 and sensor 40 to enable detection even when the device is unpowered (for example during shipment). Additional means such as tamper evident labels may be used to provide visual indications of the tampering attempt.
  • the active anti-tampering function may be critical to assure that the product was not tampered with, modified, or had extra circuitry added to it to provide a covert activation of peripheral device 24, or to add other covert monitoring such as an audio channel with a remote attacker.
  • the visual indicator 34 is a dual-color indicator, for example a red/green LED. Red light may indicate active device while green light may indicate that the device is in a secured state. In some embodiments, the visual indicator 34 is used to indicate tampering state by illuminating in red color.
  • security microcontroller 32 monitors the timing of activation of push-button 33 and prevents the activation of switches 9x if push-button 33 is jammed intentionally or unintentionally,
  • FIG. 3 illustrates a high-level block diagram of another secure peripheral device 50 according to an exemplary embodiment of the current invention having an integrated user peripheral device function such as a USB audio codec 7.
  • Audio input jack 43 is microphone or line-in input to enable connection of analog audio sources.
  • Audio output jack 42 is a stereo headphones out or line out to enable connection of user headset or speakers. Audio jacks 42 and 43 are positioned in device enclosure 12 to enable user access through exposed holes.
  • Operation of elements seen in FIG. 2 is the same as disclosed in the explanation of that figure.
  • audio devices connected to jacks 42 and 43 are activated for a preset time for each depression of push-button 33.
  • the user may have clear visual indication as to the state of the device such as: “safe”; “connected”; and “device tampered with”.
  • Such secure peripheral device 50 of the current invention may be used to secure existing (prior-art) analog audio products and therefore to extend their safe use.
  • method of switching the USB lines shown in this FIG. 4 may be desirable from a security standpoint but may have negative operational effects, such as a long time delay at each switching due to device re-enumeration, and may cause software application problems.
  • the following FIG. 4 uses an alternative method of switching the audio lines and therefore it does not suffer from these potential negative operational effects.
  • FIG. 4 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having an internal audio CODEC function and switched audio inputs/outputs.
  • This embodiment of the present invention 45 is similar to the embodiment 12 described in FIG. 3 above but in this embodiment switches 9a and 9b are positioned between the USB audio CODEC 7 and the audio input jack 43 and output jack 42 respectively.
  • An additional switch 9c may be added to control the USB audio CODEC 7 MIC_MUTE discrete input 47 and thus to enable signaling of the device 45 state to the application running at the coupled computer.
  • A Voice over IP application using the secure device 45 may indicate microphone mute status on the screen whenever the device is in secure state.
  • This specific implementation of the current invention assures that the USB device would not be enumerated every time that the device changes to operating state.
  • FIG. 5 illustrates a high-level block diagram of yet another secure peripheral device 60 according to yet another exemplary embodiment of the current invention having a USB prequalification function.
  • This embodiment of the present invention is similar to the embodiment described in FIG. 2 above but in this embodiment the microcontroller 32 further has a USB host function that is coupled to the connected user peripheral device 24 through data lines 16a and 16b.
  • USB data lines 16a and 16b are switched to the microcontroller 32 through lines 6a and 6b respectively.
  • microcontroller 32 enumerates the connected user peripheral device 24 to check whether its characteristics match the preprogrammed device characteristics. If they match, the device 24 is qualified and may be used (switched to the coupled computer).
  • a circuitry to detect disconnection and reconnection of the user peripheral device may be added to reset the microcontroller 32 when the user changes peripheral devices while the device is powered on (connected to the computer). Such detection circuitry may be for example a USB hub as shown in the next figure below.
  • a peripheral device connected to USB jack 18 is activated for a preset time for each depression of push-button 33.
  • the user may have clear visual indication as to the state of the device such as: “disconnected”; “qualified”; “disqualified”; “connected”; and “device tampered with”.
  • Such secure peripheral device 60 of the current invention may be used to secure existing (prior-art) USB products and therefore to extend their safe use.
  • FIG. 6 illustrates a high-level block diagram of another exemplary method and embodiment of the present invention having a prequalification function, a USB hub for port monitoring and USB multiplexer to enable user selection of connecting to one of multiple computers.
  • This embodiment of the present invention is similar to the embodiment described in FIG. 5 above but in this embodiment the microcontroller 32c also controls the two USB multiplexers 19a and 19b to select a coupled computer.
  • This device 46 of the present invention is capable of being coupled to a plurality of coupled computers, for example up to 4 different computers through USB plugs 4a to 4d.
  • USB plugs 4a to 4d are coupled through USB wires 5xa and 5xb (x being a, b, c or d) through multiplexers 19a and 19b to USB lines 21a and 21b respectively.
  • the user is capable of selecting at least one of the coupled computers using selector 35.
  • Microcontroller 32c commands through line 44 the multiplexers 19a and 19d to switch to the first (upper) position thus coupling lines 5aa and 5ab to lines 21a and 21b respectively.
  • Lines 21a and 21b are coupled to switches 9d and 9e to enable state changes from secure to operating states similar to FIG. 5 above.
  • This embodiment of the current invention further comprises a USB HUB 31 that is coupled to the microcontroller 32c through bidirectional channel 39.
  • This enables USB Hub 31 to monitor the device port 18 state and detect and report events such as device disconnect, device connect, device reset etc. Such information may be essential in order to switch the connected device 24 back to qualification state.
  • This device 46 of the present invention optionally further has a DC power jack 25 to connect an external power supply in order to prevent potential power signaling security risks. If power from one of the USB ports was used to power the device 46, it may cause a severe security threat due to power signaling. In such a case it would be possible for one computer to modulate USB power to the device and for another computer to sense such changes and translate them into a digital message.
  • LED indicator 37 provides user indication about the device 46 status. Additional channel selected LEDs may be installed inside or near each of the channel select push-buttons 35x.
  • FIG. 7 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention similar to the embodiment 45 of FIG. 4 above having an analog audio switching function but not having internal USB audio CODEC 7.
  • This particular implementation of the current invention does not require a USB interface with the coupled computer and therefore may be preferred by customers who don't want to use USB for audio applications.
  • The coupled computer is connected to the device 82 through analog connections such as microphone plug 86a and headphones analog output plug 86b and through shielded cables 85a and 85b respectively.
  • Shielded cables 85a and 85b are coupled to the analog audio switches 84a and 84b respectively, which are controlled by microcontroller 32d.
  • microcontroller 32d commands the analog audio switches 84a and 84b to short the microphone input line 85a and headphones output line 86b to ground, thereby securely disabling both audio inputs and outputs.
  • microcontroller 32d commands the analog audio switches 84a and 84b to connect microphone input line 85a and headphones output line 86b to microphone jack 43 and headphones jack 42 through lines 83a and 83b respectively, thereby enabling the audio input and output to the coupled computer.
  • Optional buffer amplifier 87 may be added on the headphones output line 83b to prevent a connected headset from being abused as a dynamic microphone by a remote attacker.
  • the term “computer” or “module” may include any processor-based or microprocessor-based system including systems using microcontrollers, reduced instruction set computers (RISC), application specific integrated circuits (ASICs), logic circuits, and any other circuit or processor capable of executing the functions described herein.
  • the above examples are exemplary only, and are thus not intended to limit in any way the definition and/or meaning of the term “computer”.
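
The prequalification step described above for FIG. 5, where the microcontroller enumerates the connected peripheral and compares its characteristics with preprogrammed ones, can be illustrated with the following added C example, which is not code from the patent. It assumes the preprogrammed characteristic is the USB interface class (audio, 0x01) read from the configuration descriptor; the function name, result codes and sample descriptors are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_CONFIG    0x02   /* standard descriptor type: configuration */
#define USB_DT_INTERFACE 0x04   /* standard descriptor type: interface     */
#define USB_CLASS_AUDIO  0x01   /* bInterfaceClass value for audio devices */

enum qual_result { QUAL_OK, QUAL_MALFORMED, QUAL_WRONG_CLASS, QUAL_NO_INTERFACE };

/* Walk the bytes returned for a configuration descriptor request and qualify
 * the device only if every interface it exposes is of the allowed class.
 * Any length inconsistency disqualifies the device instead of being skipped. */
enum qual_result qualify_config(const uint8_t *buf, size_t len, uint8_t allowed_class)
{
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return QUAL_MALFORMED;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);   /* wTotalLength */
    if (total < 9 || total > len)
        return QUAL_MALFORMED;

    unsigned interfaces = 0;
    size_t off = 9;
    while (off < total) {
        if (total - off < 2)
            return QUAL_MALFORMED;
        uint8_t dlen = buf[off], dtype = buf[off + 1];
        if (dlen < 2 || dlen > total - off)       /* zero-length or overrunning */
            return QUAL_MALFORMED;
        if (dtype == USB_DT_INTERFACE) {
            if (dlen < 9)
                return QUAL_MALFORMED;
            if (buf[off + 5] != allowed_class)    /* bInterfaceClass */
                return QUAL_WRONG_CLASS;
            interfaces++;
        }
        off += dlen;                              /* other descriptor types are skipped */
    }
    return interfaces ? QUAL_OK : QUAL_NO_INTERFACE;
}

/* Constructed sample: simplified audio-only microphone (two audio interfaces). */
const uint8_t AUDIO_MIC[] = {
    0x09, 0x02, 0x22, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,   /* configuration   */
    0x09, 0x04, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,   /* audio control   */
    0x09, 0x04, 0x01, 0x00, 0x01, 0x01, 0x02, 0x00, 0x00,   /* audio streaming */
    0x07, 0x05, 0x81, 0x05, 0xC0, 0x00, 0x01                /* endpoint        */
};

/* Constructed sample: same device with an additional HID interface (class 0x03). */
const uint8_t COMPOSITE[] = {
    0x09, 0x02, 0x2B, 0x00, 0x03, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
    0x09, 0x04, 0x01, 0x00, 0x01, 0x01, 0x02, 0x00, 0x00,
    0x07, 0x05, 0x81, 0x05, 0xC0, 0x00, 0x01,
    0x09, 0x04, 0x02, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00    /* HID interface   */
};

/* Constructed sample: a descriptor with bLength 0 after the configuration header. */
const uint8_t ZERO_LEN[] = {
    0x09, 0x02, 0x0B, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x00, 0x04
};

int main(void)
{
    printf("audio mic: %d\n", qualify_config(AUDIO_MIC, sizeof AUDIO_MIC, USB_CLASS_AUDIO));
    printf("composite: %d\n", qualify_config(COMPOSITE, sizeof COMPOSITE, USB_CLASS_AUDIO));
    printf("zero len : %d\n", qualify_config(ZERO_LEN, sizeof ZERO_LEN, USB_CLASS_AUDIO));
    return 0;
}
```

Only a `QUAL_OK` result would allow the data lines to be switched from the microcontroller to the coupled computer; every other result keeps the peripheral in the disqualified state.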

Abstract

A secure peripheral device, coupled to a computer, capable of enabling a user to use a peripheral device such as a microphone, speakers, headset or video camera when the device is in operational state, while giving the user a clear visual indication that the device is enabled. The device simultaneously disables the user peripheral device and turns off the visual indication when the secure peripheral device is in secure state. The operational state is activated by the user by pressing a momentary push-button switch. A timer resets the device to a secure state after a short preset time. The device has anti-tampering functionality and becomes permanently disabled if tampered with. Optionally the device is coupled to the computer via a USB port that powers it.
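
The timed operating mode summarized in the abstract and described for FIG. 2, as an added C example that is not part of the patent: a button press opens the data path for a fixed interval, a short press closes it, a long press restarts the timer, a jammed button is refused, and tampering latches the device off. The 30 s interval lies within the 20 to 60 s range the text gives; the warning, long-press and jam thresholds and all identifiers are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: the page gives only the 20 to 60 s interval range. */
#define INTERVAL_MS   30000u  /* operational window per activation        */
#define WARN_MS        5000u  /* indicator blinks this long before expiry */
#define LONG_PRESS_MS  1500u  /* hold at least this long to extend        */
#define JAM_MS        10000u  /* button held this long counts as jammed   */

enum dev_state { ST_SECURE, ST_OPERATIONAL, ST_TAMPERED };
enum led_mode  { LED_OFF, LED_ON, LED_BLINK, LED_TAMPER };

struct gate {
    enum dev_state state;
    uint32_t remaining_ms;   /* time left before automatic return to secure */
    uint32_t held_ms;        /* duration of the current button press        */
    bool prev_btn, jammed, opening_press, extended;
    bool switches_closed;    /* output: data path to the coupled computer   */
    enum led_mode led;       /* output: user indicator                      */
};

void gate_init(struct gate *g)
{
    *g = (struct gate){ .state = ST_SECURE, .led = LED_OFF };
}

static void apply_outputs(struct gate *g)
{
    g->switches_closed = (g->state == ST_OPERATIONAL);
    if (g->state == ST_TAMPERED)    g->led = LED_TAMPER;
    else if (g->state == ST_SECURE) g->led = LED_OFF;
    else g->led = (g->remaining_ms <= WARN_MS) ? LED_BLINK : LED_ON;
}

/* Advance by dt_ms. The only inputs are the button and the tamper sensor:
 * nothing coming from the coupled computer can change the state. */
void gate_tick(struct gate *g, bool btn, bool tamper, uint32_t dt_ms)
{
    if (tamper) g->state = ST_TAMPERED;               /* latched, never cleared */
    if (g->state == ST_TAMPERED) { apply_outputs(g); return; }

    bool rising  = btn && !g->prev_btn;
    bool falling = !btn && g->prev_btn;
    g->prev_btn = btn;

    if (rising) { g->held_ms = 0; g->extended = false; }
    else if (btn) g->held_ms += dt_ms;

    if (btn && g->held_ms >= JAM_MS) {                /* stuck or held down */
        g->jammed = true;
        g->state = ST_SECURE;
    }

    if (g->state == ST_SECURE) {
        if (rising && !g->jammed) {
            g->state = ST_OPERATIONAL;
            g->remaining_ms = INTERVAL_MS;
            g->opening_press = true;                  /* its release is not a "short press" */
        }
    } else {
        if (falling && !g->opening_press && g->held_ms < LONG_PRESS_MS) {
            g->state = ST_SECURE;                     /* short press: close now */
        } else if (btn && !g->opening_press && !g->extended &&
                   g->held_ms >= LONG_PRESS_MS) {
            g->remaining_ms = INTERVAL_MS;            /* long press: restart timer */
            g->extended = true;
        }
        if (g->state == ST_OPERATIONAL) {
            g->remaining_ms = (g->remaining_ms > dt_ms) ? g->remaining_ms - dt_ms : 0;
            if (g->remaining_ms == 0) g->state = ST_SECURE;
        }
    }
    if (falling) { g->opening_press = false; g->jammed = false; }
    apply_outputs(g);
}

/* Hold the inputs steady for total_ms, ticking every 10 ms. */
void gate_run(struct gate *g, bool btn, bool tamper, uint32_t total_ms)
{
    for (uint32_t t = 0; t < total_ms; t += 10) gate_tick(g, btn, tamper, 10);
}

int main(void)
{
    struct gate g;
    gate_init(&g);
    gate_run(&g, true, false, 100);                   /* user taps the button */
    gate_run(&g, false, false, 26000);
    printf("after 26 s: state=%d led=%d\n", g.state, g.led);
    gate_run(&g, false, false, 5000);
    printf("after 31 s: state=%d led=%d\n", g.state, g.led);
    return 0;
}
```

Push-To-Talk mode is not modeled here; it would replace the timer with "operational while the button is held".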

Description

    FIELD OF THE INVENTION
  • The present invention relates to a device and a method that enables a computer user to securely use peripheral devices such as desktop microphone, headset and video camera without being exposed to the risk of remote eavesdropping.
    BACKGROUND OF THE INVENTION
  • The presence of microphones and video cameras in computerized products such as desktop computers, laptop computers, PDAs, tablets and mobile phones creates an information security and privacy protection challenge today. As computers connected to public networks and to the internet can be easily hacked and controlled remotely, these products having internal or external microphones and cameras are at risk of becoming an eavesdropping bug. An attacker can install malicious code on the product that will activate a microphone in such a way that it will pick up surrounding conversation, compress the audio data and stream it over the internet to the interested attacker. Then the attacker reconstructs the audio signal, enhances it if needed and analyzes it to recover valuable information. Such a method can operate while the user is completely unaware and it can even run undetected by anti-virus and intrusion detection programs through the use of Zero Day Vulnerabilities. Zero Day Vulnerabilities are non-publicized new security vulnerabilities that can be used by attackers to modify or control product functionality.
  • One of the most common methods used to hack computer microphone remotely is through the use of RAT. RAT is an acronym for Remote Access Trojan. A RAT might have a functional use, but it is typically used to describe malicious code that is installed without the user's knowledge with the intent of monitoring the computer, logging keystrokes, capturing passwords and otherwise assuming control of the computer from a remote location. Common RATs such as Sub7 have the functionality of enabling computer microphone or video camera remotely and streaming the data back to the attacker.
  • Prior-art computer microphones and headsets are prone to covert eavesdropping as they are typically not equipped with efficient means of disabling microphone activity when not used by the user. Even when an On-Off switch is installed between the microphone and the audio CODEC circuitry, such a switch is not efficient as users tend to leave it on continuously.
  • Computer microphones and headset devices also lack clear user indications of when the microphone is active, and therefore users are unaware when the microphone is activated by software means.
  • Another disadvantage of prior-art computer microphones and headsets is the lack of anti-tampering means that will prevent a physical attack on the device in an attempt to bypass switches or other internal security means.
  • To overcome these disadvantages, many high-security organizations are instructing their workforce to remove all microphones, headsets and video cameras from their desktop computers. In addition to that, many organizations are physically removing microphones and video cameras from the laptop computers that they are purchasing and using.
  • U.S. Pat. No. 4,942,605 titled “Security Handset” discloses a security handset. This handset is designed to prevent eavesdropping of telephone handsets while the handset is on-hook. This prior-art device is not suitable for use in today's environment as computer headsets do not have on-hook/off-hook states. Headsets and microphones are not stored or hung up while not in active use.
    SUMMARY OF THE EMBODIMENTS
  • In view of the security risks associated with microphones, headsets and video cameras connected to computers, and in view of the shortcoming of prior art microphones, headsets and video cameras connected to computers, there is a need for a secure peripheral device that at least will:
    • 1. Provide efficient and secure switching of the coupled user peripheral device activity, controllable only by the user and completely isolated from computer control;
    • 2. Prevent inadvertent long periods of active user peripheral device by user neglect or lack of discipline; and
    • 3. Provide clear user visual indications when user peripheral device is active.
  • The present invention provides a device that enables a computer user to securely use peripheral devices such as audio microphones or video cameras without being exposed to the risk of remote eavesdropping. Another goal of the present invention is to enable secure sharing of such devices between different computers.
  • The secure peripheral device embodiments of the current invention isolate the activation and deactivation inputs from the connected computer in such a way that a hacked computer is prevented from enabling its microphone, headset or video camera while the user is unaware.
  • One aspect of the current invention is to provide a secure peripheral connecting device comprising: at least one computer interface, capable of interfacing the device with a coupled computer; at least one peripheral device interface, capable of interfacing the device with a user peripheral device; a user switch; an indicator element; switches; and a controller, wherein: user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by: enabling transfer of data to and from said user peripheral device and said coupled computer; and turning on said indicator element, and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by:
      • disabling transfer of data to and from said user peripheral device and said coupled computer; and changing the state of said indicator element.
  • In some exemplary embodiments the operational state is maintained as long as said user switch is activated, and the device returns to said secure state after said user switch is released.
  • In some exemplary embodiments the controller is capable of maintaining the device in said operational state for a predefined time interval after said user switch was activated.
  • In some exemplary embodiments the switches are further comprising a switch capable of disabling power to said coupled peripheral device when the device is in said secure state.
  • In some exemplary embodiments the device is further comprising an active anti-tampering function.
  • In some exemplary embodiments, when the device is in said operational state: a short activation of said user switch returns the device to said secure state, and a long activation of said user switch extends the time interval of said operational state.
  • In some exemplary embodiments the predefined time interval is adjustable by the user.
  • In some exemplary embodiments the predefined time interval is adjustable by the user using at least one of: PC programming, keyboard entries, DIP switches, at least one trimmer, a rotary encoder, and configuration resistors.
  • In some exemplary embodiments, while the device is in said secure state, said switches are capable of coupling said peripheral device to a controller for prequalification of said peripheral device.
  • In some exemplary embodiments the device is further comprising: a selector; USB multiplexers; a plurality of computer interfaces USB plugs, each capable of interfacing the device with a different coupled computer, wherein said selector is capable of controlling said USB multiplexers to couple a selected coupled computer to said peripheral device.
  • In some exemplary embodiments the device further comprises a USB hub, capable of monitoring the status of said peripheral device interface.
  • In some exemplary embodiments the USB hub is capable of detecting and reporting to the microcontroller events related to said status of said device interface selected from the group consisting of: peripheral device connection; peripheral device reset; and peripheral device disconnection, and wherein said microcontroller is capable of controlling said USB multiplexers for coupling said peripheral device to a controller for prequalification of said peripheral device when an event related to said status of said device interface was detected.
  • Another aspect of the current invention is to provide a secure peripheral connecting device comprising: at least one computer interface, capable of interfacing the device with a coupled computer; at least one USB Audio CODEC; at least one analog interfaces, capable of interfacing the device with a user audio peripheral device; a user switch; an indicator element; switches; and a controller, wherein: user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by: enabling transfer of data to and from said user peripheral device and said coupled computer; and turning on said indicator element, and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by: disabling transfer of data to and from said user peripheral device and said coupled computer; and changing the state of said indicator element.
  • In some exemplary embodiments the operational state is maintained as long as said user switch is activated, and the device returns to said secure state after said user
  • In some exemplary embodiments the controller is capable of maintaining the device in said operational state for a predefined time interval after said user switch was activated.
  • In some exemplary embodiments the switches are further comprising a switch capable of disabling power to said coupled peripheral device when the device is in said secure state.
  • In some exemplary embodiments the device is further comprising an active anti-tampering function.
  • In some exemplary embodiments, when the device is in said operational state: a short activation of said user switch returns the device to said secure state, and a long activation of said user switch extends the time interval of said operational state.
  • In some exemplary embodiments the predefined time interval is adjustable by the user.
  • In some exemplary embodiments the predefined time interval is adjustable by the user using at least one of: PC programming, keyboard entries, DIP switches, at least one trimmer, a rotary encoder, and configuration resistors.
  • In some exemplary embodiments the device is further comprising: a selector;
      • USB multiplexers; a plurality of computer interfaces USB plugs, each capable of interfacing the device with a different coupled computer, wherein said selector is capable of controlling said USB multiplexers to couple a selected coupled computer to said peripheral device.
  • In some exemplary embodiments, wherein when the secure state, said switch it In some exemplary embodiments the device is comprising a mute switch, controllable by said controller and connected to MIC_MUTE discrete input of said USB audio CODEC,
      • wherein information indicative of mute status of said USB audio CODEC can be passed to an application running at said coupled computer.
  • Yet another aspect of the current invention is to provide a secure peripheral connecting device comprising: at least one computer interface capable of interfacing the device with a coupled computer, wherein said computer interface comprises at least one analog audio connector; at least one peripheral device interface, capable of interfacing the device with a user peripheral device, wherein said peripheral device interface comprises at least one analog audio connector; a user switch; an indicator element; switches; and a controller, wherein: user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by: enabling transfer of signals to and from said user peripheral device and said coupled computer; and turning on said indicator element, and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by: disabling transfer of signals to and from said user peripheral device and said coupled computer; and changing the state of said indicator element.
  • In some exemplary embodiments the device is further comprising a buffer amplifier, capable of transmitting analog signal only in the direction to said peripheral device.
  • Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Although methods and materials similar or equivalent to those described herein can be used in the practice or testing of the present invention, suitable methods and materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and not intended to be limiting.
  • Unless marked as background or art, any information disclosed herein may be viewed as being part of the current invention or its embodiments.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Some embodiments of the invention are herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the preferred embodiments of the present invention only, and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this regard, no attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the invention may be embodied in practice.
  • In the drawings:
  • FIG. 1 illustrates a high-level block-diagram of a prior-art computer desktop microphone peripheral device having internal USB audio CODEC and USB interface with the computer.
  • FIG. 2 illustrates a high-level block-diagram of an exemplary method and embodiment of the present invention having an illuminated push-button and timer.
  • FIG. 3 illustrates a high-level block-diagram of an exemplary method and embodiment of the present invention having an internal audio CODEC function and switched USB.
  • FIG. 4 illustrates a high-level block-diagram of an exemplary method and embodiment of the present invention having an internal audio CODEC function and switched audio inputs/outputs.
  • FIG. 5 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having a prequalification function.
  • FIG. 6 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having a prequalification function, USB hub for port monitoring and multiplexer to enable connection to multiple computers.
  • FIG. 7 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having an analog audio switching function.
  • DETAILED DESCRIPTION OF THE DRAWINGS
  • Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not necessarily limited in its application to the details set forth in the following description or exemplified by the examples. The invention is capable of other embodiments or of being practiced or carried out in various ways.
  • It will be appreciated that certain features of the invention, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the invention, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination or as suitable in any other described embodiment of the invention. Certain features described in the context of various embodiments are not to be considered essential features of those embodiments, unless the embodiment is inoperative without those elements.
  • In discussion of the various figures described herein below, like numbers refer to like parts. The drawings are generally not to scale. For clarity, non-essential elements may have been omitted from some of the drawings.
  • To the extent that the figures illustrate diagrams of the functional blocks of various embodiments, the functional blocks are not necessarily indicative of the division between hardware circuitry. Thus, for example, one or more of the functional blocks (e.g., processors or memories) may be implemented in a single piece of hardware (e.g., a general purpose signal processor or random access memory, or the like) or multiple pieces of hardware. Similarly, the programs may be stand alone programs, may be incorporated as subroutines in an operating system, may be functions in an installed software package, and the like.
  • FIG. 1 illustrates a block diagram presentation of a prior-art computer desktop microphone device implementation 10 having a USB (Universal Serial Bus) computer interface cable 5 coupled to the computer through USB Type-A plug 4. An electret microphone capsule 8 is installed on a flexible goose neck or plastic boom, which is a hollow tube used to route microphone cable 6. Microphone cable 6 is coupled to the USB Audio CODEC chip 7, where analog-to-digital conversion is performed. A single-pole switch 3 enables user On-Off control of the microphone activity, typically through the switching of a USB CODEC line called MIC_MUTE. Once this line is asserted, the USB CODEC mutes the microphone output to the coupled computer.
  • Typical example for USB Audio CODEC chip is PCM2906B—Texas Instruments' single-chip stereo audio CODEC with USB interface. Many silicon vendors are offering similar solutions with different functions and audio quality levels.
  • This computer desktop microphone is a good example of a user peripheral device having severe security vulnerabilities. The on-off switch 3 may be left on for a long period of time by the user. It may also be turned on by a modified device driver without user action or awareness. Since it lacks some critical security functions as mentioned above, it is regarded as an unsecure device. Its use in a secure environment, where confidential discussions are taking place, is risky.
  • FIG. 2 illustrates a high-level block diagram of a secure peripheral device 20 according to an exemplary embodiment of the current invention. Secure peripheral device 20 has a USB interface cable 5, coupled with the coupled computer (not shown here). The USB interface includes the two bi-directional data lines 5 a and 5 b and the 5V power line 5 c (ground line not shown here). The two bi-directional data lines 5 a and 5 b are coupled to switch elements 9 a and 9 b respectively, to enable isolation of the connected USB device 24 from the coupled computer when the device is in secure state. An additional optional power switch 9 c may be added to switch the USB +5V power line 5 c supply to the connected user peripheral device 24 when the device is in secure state. When the user operates a user switch 33, for example when the user pushes the push-button 33, it triggers a timer in microcontroller 32 that causes the following events through line 13:
      • a. Indicator element 34 is operated to indicate active mode of the device. For example, Push-button blue LEDs are illuminating in element 34 that is located inside or near push-button 33;
      • b. USB data line switches 9 a and 9 b are closed, coupling lines 5 a to 16 a and 5 b to 16 b, to enable computer to user peripheral device 24 communications; and
      • c. Optional power switch 9 c couples the USB+5V power line 5 c to line 16 c that powers the user peripheral device 24 that is coupled through USB cable 22 and USB jack 18.
  • At the end of the pre-set time, a timer in microcontroller 32 causes the following events through line 13:
      • a. Push-button blue LEDs in element 34 that is located inside or near push-button 33 are turned off;
      • b. USB data line switches 9 a and 9 b are opened, decoupling lines 5 a from 16 a and 5 b from 16 b, to disable computer to user peripheral device 24 communications; and
      • c. Optional power switch 9 c opens, decoupling the USB+5V power line 5 c from line 16 c that powers the user peripheral device 24 that is coupled through USB cable 22 and USB jack 18.
  • It should be noted that elements 9 x can be a relay, solid state matrix, multiplexer or any other circuitry that is capable of isolating the communication protocol in use (USB in this example). It should also be noted that microcontroller 32 may be replaced here and in the next figures with discrete or integrated electronic circuitry that performs the required timing logic without running code. For example, it is possible to design such a function using an industry-standard NE555 timer integrated circuit. It is also possible to implement such circuitry with an FPGA (Field Programmable Gate Array) or PLD (Programmable Logic Device).
  • Optionally, in order to further enhance the device 20 usability, one or a few of the following operation modes may be implemented:
  • When the device is in secure state and the push-button is pressed, the device switches to operational state. The preprogrammed time interval is set to 20 to 60 seconds during device production or through field programming means such as DIP switches or USB programming by computer application.
  • When the device 20 is in operational state, if the user presses the push-button 33 momentarily (short press=less than 2.5 seconds), then the device will change state to secure immediately. This function is called mute function.
  • If the user performs a long press on the push-button 33 (more than 2.5 seconds), the time interval timer will restart and extend the operational state.
  • Once 75% of the preprogrammed time interval has elapsed, the blue LEDs in element 34 start to blink or change illumination color or intensity to indicate that the device time interval is about to expire.
  • Another operating mode possible with the device 20 of the current invention is Push-To-Talk mode. In this mode, when the user presses the push-button 33, the device is switching to operating state. Once the push-button 33 is being released, the device is switching into secure state. This mode of operation may be useful for audio (speech) applications operating in half-duplex mode.
  • All device circuitry is normally powered by the connected computer through the USB power line 5 c and line 2.
  • In an embodiment of the present invention the secure peripheral device 20 is optionally further equipped with an active anti-tampering function 38. This function uses a low-power microcontroller or discrete components to sense a mechanical intrusion attempt through a sensor such as switch 40 that is coupled to the device enclosure 11. When switch 40 is interrupted, the anti-tampering function 38 senses this transition and triggers a chain of events through line 30 that causes the following effects:
      • a. Device is disabled permanently—it cannot be activated anymore.
      • b. Device provides clear user indications of the tampered state. These indications typically include blinking action of the red lighted LEDs 34 inside the push-button switch 33.
  • During normal operation, security microcontroller 32 and anti-tampering function 38 are powered by coupled computer through the USB interface supply 2. For drawing clarity these power lines were omitted from the drawings.
  • Coin battery or super-capacitor 36 provides backup power for the anti-tampering function 38 and sensor 40 to enable detection even when the device is unpowered (for example during shipment). Additional means such as tamper evident labels may be used to provide visual indications of the tampering attempt.
  • It should be noted that the active anti-tampering function may be critical to assure that product was not tampered with, modified, or extra circuitry added to it to provide a covert activation of peripheral device 24, or to add other covert monitoring such as audio channel with remote attacker.
  • In some embodiments the visual indicator 34 is a dual-color indicator, for example a red/green LED. Red light may indicate active device while green light may indicate that the device is in a secured state. In some embodiments, the visual indicator 34 is used to indicate tampering state by illuminating in red color.
  • In some embodiments, security microcontroller 32 monitors the timing of activation of push-button 33 and prevents the activation of switches 9 x if push-button 33 is jammed intentionally or unintentionally.
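The timed operating mode, mute/extend presses, 75% warning, jam lock-out and tamper latch described above can be read as one small state machine. The following C model is an added example, not code from the patent; the 10 ms tick, the 10 s jam threshold and all identifiers are assumptions, and Push-To-Talk mode is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TICK_MS       10u
#define LONG_PRESS_MS 2500u   /* page: short press < 2.5 s, long press > 2.5 s */
#define JAM_LIMIT_MS  10000u  /* assumption: the page gives no jam threshold */

enum dev_state { ST_SECURE, ST_OPERATIONAL, ST_TAMPERED };
enum led_mode  { LED_OFF, LED_ON, LED_WARN_BLINK, LED_TAMPER_BLINK };

struct controller {
    enum dev_state state;
    enum led_mode  led;          /* indicator element 34 */
    bool data_closed;            /* switches 9a/9b: USB data lines */
    bool power_closed;           /* optional switch 9c: +5V to the peripheral */
    uint32_t interval_ms;        /* preprogrammed interval (page: 20 to 60 s) */
    uint32_t elapsed_ms;
    uint32_t held_ms;
    bool button_down;
    bool press_in_operational;   /* press began while already operational */
    bool jammed;
};

static void enter_secure(struct controller *c)
{
    c->data_closed = false;
    c->power_closed = false;
    c->led = LED_OFF;
    c->state = ST_SECURE;
}

static void enter_operational(struct controller *c)
{
    c->elapsed_ms = 0;
    c->data_closed = true;
    c->power_closed = true;
    c->led = LED_ON;
    c->state = ST_OPERATIONAL;
}

void ctl_init(struct controller *c, uint32_t interval_ms)
{
    *c = (struct controller){ .interval_ms = interval_ms };
    enter_secure(c);
}

/* Tamper sensor 40 tripped: latch the disabled state; nothing clears it. */
void ctl_tamper(struct controller *c)
{
    enter_secure(c);
    c->state = ST_TAMPERED;
    c->led = LED_TAMPER_BLINK;
}

/* Debounced edge from push-button 33. Only the user input reaches this. */
void ctl_button(struct controller *c, bool down)
{
    if (c->state == ST_TAMPERED || down == c->button_down)
        return;
    c->button_down = down;
    if (down) {
        c->held_ms = 0;
        c->press_in_operational = (c->state == ST_OPERATIONAL);
        if (c->state == ST_SECURE)
            enter_operational(c);
        return;
    }
    /* Release: a short press that began in operational state is "mute". */
    if (!c->jammed && c->press_in_operational &&
        c->state == ST_OPERATIONAL && c->held_ms < LONG_PRESS_MS)
        enter_secure(c);
    c->jammed = false;
}

/* Called every TICK_MS by the timer. */
void ctl_tick(struct controller *c)
{
    if (c->state == ST_TAMPERED)
        return;
    if (c->button_down && !c->jammed) {
        c->held_ms += TICK_MS;
        if (c->held_ms >= JAM_LIMIT_MS) {
            c->jammed = true;      /* stuck button: force and hold secure */
            enter_secure(c);
        } else if (c->held_ms == LONG_PRESS_MS && c->press_in_operational &&
                   c->state == ST_OPERATIONAL) {
            c->elapsed_ms = 0;     /* long press restarts the interval */
            c->led = LED_ON;
        }
    }
    if (c->state != ST_OPERATIONAL)
        return;
    c->elapsed_ms += TICK_MS;
    if (c->elapsed_ms >= c->interval_ms)
        enter_secure(c);           /* automatic return to secure state */
    else if ((uint64_t)c->elapsed_ms * 4 >= (uint64_t)c->interval_ms * 3)
        c->led = LED_WARN_BLINK;   /* 75% of the interval has elapsed */
}

void ctl_run(struct controller *c, uint32_t ms)
{
    for (uint32_t t = 0; t < ms; t += TICK_MS)
        ctl_tick(c);
}

int main(void)
{
    struct controller c;
    ctl_init(&c, 20000);
    ctl_button(&c, true); ctl_run(&c, 200); ctl_button(&c, false);
    printf("after press:   state=%d data=%d\n", c.state, c.data_closed);
    ctl_run(&c, 20000);
    printf("after timeout: state=%d data=%d\n", c.state, c.data_closed);
    return 0;
}
```

Every path that closes the switches starts from a button edge, and every other path (timer, jam, tamper) can only open them, which is the property the description relies on.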
  • FIG. 3 illustrates a high-level block diagram of another secure peripheral device 50 according to an exemplary embodiment of the current invention having an integrated user peripheral device function such as a USB audio codec 7.
  • This embodiment of the present invention is similar to the embodiment described in FIG. 2 above with the additional USB audio CODEC 7 that is permanently coupled to switches 9 x. Audio input jack 43 is a microphone or line-in input to enable connection of analog audio sources. Audio output jack 42 is a stereo headphones out or line out to enable connection of a user headset or speakers. Audio jacks 42 and 43 are positioned in device enclosure 12 to enable user access through exposed holes.
  • Operation of elements seen in FIG. 2 is the same as disclosed in the explanation of that figure. Thus, audio devices connected to jacks 42 and 43 are activated for a preset time for each depression of push-button 33. Additionally, the user may have a clear visual indication as to the state of the device such as: “safe”; “connected”; and “device tampered with”. Such secure peripheral device 50 of the current invention may be used to secure existing (prior-art) analog audio products and therefore to extend their safe use.
  • It should be noted that the method of switching the USB lines shown in this FIG. 4 may be desirable from a security standpoint but may have negative operational effects, such as a long time delay at each switching due to device re-enumeration, and may cause software application problems. The following FIG. 4 uses an alternative method of switching the audio lines and therefore it does not suffer from these potential negative operational effects.
  • FIG. 4 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention having an internal audio CODEC function and switched audio inputs/outputs.
  • This embodiment of the present invention 45 is similar to the embodiment 12 described in FIG. 3 above, but in this embodiment switches 9 a and 9 b are positioned between the USB audio CODEC 7 and the audio input jack 43 and output jack 42 respectively. An additional switch 9 c may be added to control the USB audio CODEC 7 MIC_MUTE discrete input 47 and thus to enable signaling of the device 45 state to the application running at the coupled computer. For example, a Voice Over IP application using the secure device 45 may indicate microphone mute status on the screen whenever the device is in secure state.
  • This specific implementation of the current invention assures that the USB device would not be enumerated every time that the device changes to operating state.
  • FIG. 5 illustrates a high-level block diagram of yet another secure peripheral device 60 according to yet another exemplary embodiment of the current invention having a USB prequalification function.
  • This embodiment of the present invention is similar to the embodiment described in FIG. 2 above, but in this embodiment the microcontroller 32 further has a USB host function that is coupled to the connected user peripheral device 24 through data lines 16 a and 16 b. In this embodiment of the current invention, before microcontroller 32 sets switches 9 x to operating state, USB data lines 16 a and 16 b are switched to the microcontroller 32 through lines 6 a and 6 b respectively. During device 11 power up, or when device 24 is first connected, microcontroller 32 enumerates the connected user peripheral device 24 to check whether its characteristics match the preprogrammed device characteristics. If they match, the device 24 is qualified and may be used (switched to the coupled computer). If it is not qualified, the device 24 cannot be used and a proper user indication is given, for example through LEDs 34 indicating steady red light. This pre-qualification function assures that only allowed USB devices will be used. Circuitry to detect disconnection and reconnection of the user peripheral device may be added to reset the microcontroller 32 when the user changes peripheral devices while the device is powered on (connected to the computer). Such detection circuitry may be, for example, a USB hub as shown in the next figure below.
  • Operation of elements seen in FIG. 2 is the same as disclosed in the explanation of that figure. Thus, a peripheral device connected to USB jack 18 is activated for a preset time for each depression of push-button 33. Additionally, the user may have a clear visual indication as to the state of the device such as: “disconnected”; “qualified”; “disqualified”; “connected”; and “device tampered with”. Such secure peripheral device 60 of the current invention may be used to secure existing (prior-art) USB products and therefore to extend their safe use.
  • Re-enumeration of device 24 by the host is required when switches 9 d and 9 e connect lines 16 a and 16 b to 5 a and 5 b respectively. This causes a delay which may be tolerated.
  • Optionally, to protect the system against exchanging a valid device 24 with an unauthorized device during the brief time interval of mode change, one or both of the following methods may be used:
      • 1. Detection of USB plug mechanical state, using a sensor such as a small μswitch that is capable of detecting the disconnection of valid device 24 and reporting the disconnection to controller 32 or active anti-tampering function 38.
      • 2. USB hub connected between device port 18 and switch 9 x. The USB hub reports any device status changes to the controller 32. This option is shown in FIG. 6 below.
  • FIG. 6 illustrates a high-level block diagram of another exemplary method and embodiment of the present invention having a prequalification function, a USB hub for port monitoring and USB multiplexer to enable user selection of connecting to one of multiple computers.
  • This embodiment of the present invention is similar to the embodiment described in FIG. 5 above, but in this embodiment the microcontroller 32 c also controls the two USB multiplexers 19 a and 19 b to select a coupled computer. This device 46 of the present invention is capable of being coupled to a plurality of coupled computers, for example up to 4 different computers through USB plugs 4 a to 4 d. USB plugs 4 a to 4 d are coupled through USB wires 5 xa and 5 xb (x being a, b, c or d) through multiplexers 19 a and 19 b to USB lines 21 a and 21 b respectively. The user is capable of selecting at least one of the coupled computers using selector 35. For example, if the user wants to couple the device 24 to a first computer, he/she presses push button 35 a. Preferably, only one coupled computer may be selected at a given time. Microcontroller 32 c commands through line 44 the multiplexers 19 a and 19 d to switch to the first (upper) position, thus coupling lines 5 aa and 5 ab to lines 21 a and 21 b respectively. Lines 21 a and 21 b are coupled to switches 9 d and 9 e to enable state changes from secure to operating states similar to FIG. 5 above.
  • This embodiment of the current invention further comprises a USB HUB 31 that is coupled to the microcontroller 32 c through bidirectional channel 39. This enables USB Hub 31 to monitor the device port 18 state and detect and report events such as device disconnect, device connect, device reset, etc. Such information may be essential to detect in order to switch back the connected device 24 to qualification state.
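The prequalification of FIG. 5 and the hub-triggered requalification of FIG. 6 can be sketched as follows. This C model is an added example, not code from the patent: the patent does not say which characteristics are compared, so matching on idVendor, idProduct and bDeviceClass from the standard 18-byte USB device descriptor is an assumption, and the descriptors, profile and identifiers are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_DEVICE    0x01
#define USB_DEV_DESC_LEN 18

struct usb_ident { uint16_t vid, pid; uint8_t dev_class; };

enum qual_state { Q_DISCONNECTED, Q_QUALIFIED, Q_DISQUALIFIED };
enum hub_event  { EV_CONNECT, EV_RESET, EV_DISCONNECT };

struct port {
    enum qual_state q;
    bool routed_to_computer;  /* false: lines 16a/16b go to the controller */
};

/* Constructed sample data: preprogrammed profile and two device descriptors. */
static const struct usb_ident ALLOWED = { 0x1234, 0xABCD, 0x00 };
static const uint8_t DESC_HEADSET[USB_DEV_DESC_LEN] = {
    18, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 64,
    0x34, 0x12, 0xCD, 0xAB, 0x00, 0x01, 1, 2, 0, 1 };
static const uint8_t DESC_OTHER[USB_DEV_DESC_LEN] = {
    18, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 64,
    0x78, 0x56, 0x01, 0x00, 0x00, 0x01, 1, 2, 3, 1 };

/* Extract the compared fields; reject short or mistyped descriptors. */
bool parse_device_descriptor(const uint8_t *buf, size_t len,
                             struct usb_ident *out)
{
    if (buf == NULL || len < USB_DEV_DESC_LEN)
        return false;
    if (buf[0] != USB_DEV_DESC_LEN || buf[1] != USB_DT_DEVICE)
        return false;
    out->dev_class = buf[4];                          /* bDeviceClass */
    out->vid = (uint16_t)(buf[8]  | (buf[9]  << 8));  /* idVendor, LE */
    out->pid = (uint16_t)(buf[10] | (buf[11] << 8));  /* idProduct, LE */
    return true;
}

/* Anything that cannot be parsed or does not match is disqualified. */
enum qual_state prequalify(const struct usb_ident *allowed,
                           const uint8_t *desc, size_t len)
{
    struct usb_ident seen;
    if (!parse_device_descriptor(desc, len, &seen))
        return Q_DISQUALIFIED;
    if (seen.vid != allowed->vid || seen.pid != allowed->pid ||
        seen.dev_class != allowed->dev_class)
        return Q_DISQUALIFIED;
    return Q_QUALIFIED;
}

/* Hub reports a port event: pull the port back to the controller side
 * first, then requalify whatever is plugged in now. */
void port_hub_event(struct port *p, enum hub_event ev,
                    const struct usb_ident *allowed,
                    const uint8_t *desc, size_t len)
{
    p->routed_to_computer = false;
    if (ev == EV_DISCONNECT)
        p->q = Q_DISCONNECTED;
    else
        p->q = prequalify(allowed, desc, len);
}

/* User pressed the push-button: route to the computer only if qualified. */
bool port_activate(struct port *p)
{
    p->routed_to_computer = (p->q == Q_QUALIFIED);
    return p->routed_to_computer;
}

int main(void)
{
    struct port p = { Q_DISCONNECTED, false };
    port_hub_event(&p, EV_CONNECT, &ALLOWED, DESC_HEADSET, sizeof DESC_HEADSET);
    printf("headset: q=%d activate=%d\n", p.q, port_activate(&p));
    port_hub_event(&p, EV_RESET, &ALLOWED, DESC_OTHER, sizeof DESC_OTHER);
    printf("swapped: q=%d activate=%d\n", p.q, port_activate(&p));
    return 0;
}
```

Descriptor fields are reported by the peripheral itself, so a match confirms the claimed model rather than that the hardware is genuine.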
  • This device 46 of the present invention optionally further has a DC power jack 25 to connect an external power supply in order to prevent potential power signaling security risks. If the power of one of the USB ports were used to power the device 46, it might cause a severe security threat due to power signaling. In such a case it would be possible for one computer to modulate USB power to the device and for another computer to sense such changes and translate them into a digital message.
  • LED indicator 37 provides user indication about the device 46 status. Additional channel selected LEDs may be installed inside or near each channel select push-buttons 35 x.
  • FIG. 7 illustrates a high-level block-diagram of yet another exemplary method and embodiment of the present invention similar to the embodiment 45 of FIG. 4 above having an analog audio switching function but not having internal USB audio CODEC 7. This particular implementation of the current invention does not require a USB interface with the coupled computer and therefore may be preferred by customers who don't want to use USB for audio applications.
  • In this exemplary embodiment of the current invention the coupled computer is connected to the device 82 through analog connections such as microphone plug 86 a and headphones analog output plug 86 b and through shielded cables 85 a and 85 b respectively. Shielded cables 85 a and 85 b are coupled to the analog audio switches 84 a and 84 b respectively, which are controlled by microcontroller 32 d.
  • When the device 82 is in secure state, microcontroller 32 d commands the analog audio switches 84 a and 84 b to short the microphone input line 85 a and headphones output line 86 b to the ground and therefore securely disabling both audio inputs and outputs. When the device 82 is in operational state, microcontroller 32 d commands the analog audio switches 84 a and 84 b to connect microphone input line 85 a and headphones output line 86 b to microphone jack 43 and headphones jack 42 through lines 83 a and 83 b respectively and therefore enables the audio input and output to the coupled computer.
  • An optional buffer amplifier 87 may be added on the headphones output line 83 b to prevent a connected headset from being abused as a dynamic microphone by a remote attacker.
  • As used herein, the term “computer” or “module” may include any processor-based or microprocessor-based system including systems using microcontrollers, reduced instruction set computers (RISC), application specific integrated circuits (ASICs), logic circuits, and any other circuit or processor capable of executing the functions described herein. The above examples are exemplary only, and are thus not intended to limit in any way the definition and/or meaning of the term “computer”.
  • It is to be understood that the above description is intended to be illustrative, and not restrictive. For example, the above-described embodiments (and/or aspects thereof) may be used in combination with each other. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the various embodiments of the invention without departing from their scope. While the dimensions and types of materials described herein are intended to define the parameters of the various embodiments of the invention, the embodiments are by no means limiting and are exemplary embodiments. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of the various embodiments of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein.” Moreover, in the following claims, the terms “first,” “second,” and “third,” etc. are used merely as labels, and are not intended to impose numerical requirements on their objects.
  • Further, the limitations of the following claims are not written in means-plus-function format and are not intended to be interpreted based on 35 U.S.C. §112, sixth paragraph, unless and until such claim limitations expressly use the phrase “means for” followed by a statement of function void of further structure.
  • This written description uses examples to disclose the various embodiments of the invention, including the best mode, and also to enable any person skilled in the art to practice the various embodiments of the invention, including making and using any devices or systems and performing any incorporated methods. The patentable scope of the various embodiments of the invention is defined by the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if the examples have structural elements that do not differ from the literal language of the claims, or if the examples include equivalent structural elements with insubstantial differences from the literal languages of the claims.
  • Although the invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the spirit and broad scope of the appended claims. All publications, patents and patent applications mentioned in this specification are herein incorporated in their entirety by reference into the specification, to the same extent as if each individual publication, patent or patent application was specifically and individually indicated to be incorporated herein by reference. In addition, citation or identification of any reference in this application shall not be construed as an admission that such reference is available as prior art to the present invention.

Claims (25)

1. A secure peripheral connecting device comprising:
at least one computer interface, capable of interfacing the device with a coupled computer;
at least one peripheral device interface, capable of interfacing the device with a user peripheral device;
a user switch;
an indicator element;
switches; and
a controller, wherein:
user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by:
enabling transfer of data to and from said user peripheral device and said coupled computer; and
turning on said indicator element,
and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by:
disabling transfer of data to and from said user peripheral device and said coupled computer; and
changing the state of said indicator element.
2. The secure peripheral connecting device of claim 1, wherein:
said operational state is maintained as long as said user switch is activated, and
the device returns to said secure state after said user switch is released.
3. The secure peripheral connecting device of claim 1, wherein:
said controller is capable of maintaining the device in said operational state for a predefined time interval after said user switch was activated.
4. The secure peripheral connecting device of claim 1, wherein said switches further comprise a switch capable of disabling power to said coupled peripheral device when the device is in said secure state.
5. The secure peripheral connecting device of claim 1, and further comprising an active anti-tampering function.
6. The secure peripheral connecting device of claim 3, wherein, when the device is in said operational state:
a short activation of said user switch returns the device to said secure state, and
a long activation of said user switch extends the time interval of said operational state.
7. The secure peripheral connecting device of claim 3, wherein said predefined time interval is adjustable by the user.
8. The secure peripheral connecting device of claim 7, wherein said predefined time interval is adjustable by the user using at least one of: PC programming, keyboard entries, DIP switches, at least one trimmer, a rotary encoder, and configuration resistors.
9. The secure peripheral connecting device of claim 1, wherein:
while the device is in said secure state, said switches are capable of coupling said peripheral device to a controller for prequalification of said peripheral device.
10. The secure peripheral connecting device of claim 1, and further comprising:
a selector;
USB multiplexers;
a plurality of computer interfaces USB plugs, each capable of interfacing the device with a different coupled computer,
wherein said selector is capable of controlling said USB multiplexers to couple a selected coupled computer to said peripheral device.
11. The secure peripheral connecting device of claim 9, and further comprising a USB hub, capable of monitoring the status of said peripheral device interface.
12. The secure peripheral connecting device of claim 11, wherein:
said USB hub is capable of detecting and reporting to the microcontroller events related to said status of said device interface selected from the group consisting of: peripheral device connection; peripheral device reset; and peripheral device disconnection,
and wherein said microcontroller is capable of controlling said USB multiplexers (19 d and for coupling said peripheral device to a controller for prequalification of said peripheral device when an event related to said status of said device interface was detected.
13. A secure peripheral connecting device comprising:
at least one computer interface, capable of interfacing the device with a coupled computer;
at least one USB Audio CODEC;
at least one analog interface, capable of interfacing the device with a user audio peripheral device;
a user switch;
an indicator element;
switches; and
a controller, wherein:
user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by:
enabling transfer of data to and from said user peripheral device and said coupled computer; and
turning on said indicator element,
and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by:
disabling transfer of data to and from said user peripheral device and said coupled computer; and
changing the state of said indicator element.
14. The secure peripheral connecting device of claim 13, wherein:
said operational state is maintained as long as said user switch is activated, and
the device returns to said secure state after said user switch is released.
15. The secure peripheral connecting device of claim 13, wherein:
said controller is capable of maintaining the device in said operational state for a predefined time interval after said user switch was activated.
16. The secure peripheral connecting device of claim 13, wherein said switches further comprise a switch capable of disabling power to said coupled peripheral device when the device is in said secure state.
17. The secure peripheral connecting device of claim 13, and further comprising an active anti-tampering function.
18. The secure peripheral connecting device of claim 15, wherein, when the device is in said operational state:
a short activation of said user switch returns the device to said secure state, and
a long activation of said user switch extends the time interval of said operational state.
19. The secure peripheral connecting device of claim 15, wherein said predefined time interval is adjustable by the user.
20. The secure peripheral connecting device of claim 19, wherein said predefined time interval is adjustable by the user using at least one of: PC programming, keyboard entries, DIP switches, at least one trimmer, a rotary encoder, and configuration resistors.
21. The secure peripheral connecting device of claim 13, and further comprising:
a selector;
USB multiplexers;
a plurality of computer interfaces USB plugs, each capable of interfacing the device with a different coupled computer,
wherein said selector is capable of controlling said USB multiplexers to couple a selected coupled computer to said peripheral device.
22. The secure peripheral connecting device of claim 13, wherein, when in the secure state, said switch shorts at least one of the analog I/O of said USB audio CODEC to the ground.
23. The secure peripheral connecting device of claim 13, and comprising a mute switch, controllable by said controller and connected to MIC_MUTE discrete input of said USB audio CODEC,
wherein information indicative of mute status of said USB audio CODEC can be passed to an application running at said coupled computer.
24. A secure peripheral connecting device comprising:
at least one computer interface capable of interfacing the device with a coupled computer, wherein said computer interface comprises at least one analog audio connector;
at least one peripheral device interface, capable of interfacing the device with a user peripheral device, wherein said peripheral device interface comprises at least one analog audio connector;
a user switch;
an indicator element;
switches; and
a controller, wherein:
user activation of said user switch is capable of causing said controller to activate said switches for setting the device in an operational state by:
enabling transfer of signals to and from said user peripheral device and said coupled computer; and
turning on said indicator element,
and wherein said controller is capable of automatically activating said switches for setting the device in a secured state by:
disabling transfer of signals to and from said user peripheral device and said coupled computer; and
changing the state of said indicator element.
25. The secure peripheral connecting device of claim 13, and further comprising a buffer amplifier, capable of transmitting analog signal only in the direction to said peripheral device.
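The timed behaviour recited in claims 1, 3, 4, 6 and 7 can be read as a two-state, fail-secure controller. The following C model is an added example, not code from the patent or from its assignee; every identifier, the millisecond tick and the 1000 ms long-press boundary are assumptions, and the momentary variant of claim 2 is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* All names and timing values are hypothetical; the claims give no numbers. */
#define SPC_LONG_PRESS_MS 1000u /* assumed short/long press boundary */

enum spc_state { SPC_SECURE, SPC_OPERATIONAL };
enum spc_press { PRESS_NONE, PRESS_ENTRY, PRESS_SESSION };

struct spc {
    enum spc_state state;
    enum spc_press press;    /* which kind of press is currently held */
    uint32_t interval_ms;    /* claims 3, 7: user-adjustable operational interval */
    uint32_t deadline_ms;    /* tick at which the operational state expires */
    uint32_t press_start_ms; /* when the current in-session press began */
    bool data_enabled;       /* data switches closed (claim 1) */
    bool power_enabled;      /* peripheral power switch closed (claim 4) */
    bool indicator_on;       /* indicator element (claim 1) */
};

/* Outputs are derived from the state only, so no path can leave them stale. */
static void spc_apply(struct spc *d, enum spc_state s)
{
    d->state = s;
    d->data_enabled = d->power_enabled = d->indicator_on = (s == SPC_OPERATIONAL);
}

/* Power-on default is the secured state. */
void spc_init(struct spc *d, uint32_t interval_ms)
{
    d->interval_ms = interval_ms;
    d->deadline_ms = d->press_start_ms = 0;
    d->press = PRESS_NONE;
    spc_apply(d, SPC_SECURE);
}

/* Debounced user-switch edge: down=true on press, false on release. */
void spc_button(struct spc *d, uint32_t now_ms, bool down)
{
    if (d->state == SPC_SECURE) {
        if (down) {                      /* claim 1: user activation opens a session */
            spc_apply(d, SPC_OPERATIONAL);
            d->deadline_ms = now_ms + d->interval_ms;
            d->press = PRESS_ENTRY;
        }
        return;                          /* releases in the secured state are ignored */
    }
    if (down) {
        d->press = PRESS_SESSION;
        d->press_start_ms = now_ms;
        return;
    }
    enum spc_press held = d->press;
    d->press = PRESS_NONE;
    if (held != PRESS_SESSION)
        return;                          /* opening press or spurious release: no change */
    if (now_ms - d->press_start_ms >= SPC_LONG_PRESS_MS)
        d->deadline_ms = now_ms + d->interval_ms;   /* claim 6: long press extends */
    else
        spc_apply(d, SPC_SECURE);        /* claim 6: short press ends the session */
}

/* Periodic tick: the controller returns to the secured state on its own (claim 3). */
void spc_tick(struct spc *d, uint32_t now_ms)
{
    /* Signed difference keeps the comparison correct across uint32_t wraparound. */
    if (d->state == SPC_OPERATIONAL && (int32_t)(now_ms - d->deadline_ms) >= 0)
        spc_apply(d, SPC_SECURE);
}
```

A release that has no matching in-session press never extends the interval, so a glitch on the switch line cannot keep the peripheral connected past its deadline.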
US13/548,340 2012-07-13 2012-07-13 Secure peripheral connecting device Active 2032-07-27 US8922372B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US13/548,340 US8922372B2 (en) 2012-07-13 2012-07-13 Secure peripheral connecting device
EP13176151.2A EP2685387B1 (en) 2012-07-13 2013-07-11 Secure peripheral connecting device
CA2820981A CA2820981C (en) 2012-07-13 2013-07-11 Secure peripheral connecting device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/548,340 US8922372B2 (en) 2012-07-13 2012-07-13 Secure peripheral connecting device

Publications (2)

Publication Number Publication Date
US20140015673A1 (en) 2014-01-16
US8922372B2 US8922372B2 (en) 2014-12-30

Family

ID=48793012

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/548,340 Active 2032-07-27 US8922372B2 (en) 2012-07-13 2012-07-13 Secure peripheral connecting device

Country Status (3)

Country Link
US (1) US8922372B2 (en)
EP (1) EP2685387B1 (en)
CA (1) CA2820981C (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015200499A1 (en) * 2014-06-26 2015-12-30 Avocent Huntsville Corp. System and method for kvm appliance forming a secure peripheral sharing switch to prevent data leakage
WO2016037048A1 (en) 2014-09-05 2016-03-10 Sequitur Labs, Inc. Policy-managed secure code execution and messaging for computing devices and computing device security
US10685130B2 (en) 2015-04-21 2020-06-16 Sequitur Labs Inc. System and methods for context-aware and situation-aware secure, policy-based access control for computing devices
US11847237B1 (en) 2015-04-28 2023-12-19 Sequitur Labs, Inc. Secure data protection and encryption techniques for computing devices and information storage
US11425168B2 (en) 2015-05-14 2022-08-23 Sequitur Labs, Inc. System and methods for facilitating secure computing device control and operation
CN205983718U (en) * 2016-08-29 2017-02-22 杭州朗鸿科技股份有限公司 Centralized anti -theft device
CA3040115C (en) * 2016-10-10 2022-05-24 Stephen Rosa Method and system for countering ransomware
US10700865B1 (en) 2016-10-21 2020-06-30 Sequitur Labs Inc. System and method for granting secure access to computing services hidden in trusted computing environments to an unsecure requestor

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5822406A (en) * 1995-09-29 1998-10-13 Cirrus Logic, Inc. Switching circuit for automatically routing audio and data signals between a modem, telephone, and I/O devices
US6725200B1 (en) * 1994-09-13 2004-04-20 Irmgard Rost Personal data archive system
US20070198856A1 (en) * 2000-01-06 2007-08-23 Super Talent Electronics Inc. Secure Flash-Memory Card Reader with Host-Encrypted Data on a Flash-Controller-Mastered Bus Parallel to a Local CPU Bus Carrying Encrypted Hashed Password and User ID
US20110208963A1 (en) * 2010-02-24 2011-08-25 Aviv Soffer Secured kvm system having remote controller-indicator

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4942605A (en) * 1987-12-08 1990-07-17 Northern Telecom Limited Security handset
US6169762B1 (en) * 1997-05-30 2001-01-02 Lucent Technologies Inc. Interface devices providing electrical isolation
US5900759A (en) * 1997-06-26 1999-05-04 Sun Microsystems, Inc. Dynamic-to-static convertor and staticized flop including the same
US20060176167A1 (en) * 2005-01-25 2006-08-10 Laser Shield Systems, Inc. Apparatus, system, and method for alarm systems
WO2008143841A1 (en) * 2007-05-14 2008-11-27 The Ohio State University Assessment device
US8401521B2 (en) * 2008-11-25 2013-03-19 Broadcom Corporation Enabling remote and anonymous control of mobile and portable multimedia devices for security, tracking and recovery

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130249699A1 (en) * 2012-02-29 2013-09-26 Huawei Technologies Co., Ltd. Alarm method and apparatus for terminal anti-eavesdropping
US20150358822A1 (en) * 2012-12-27 2015-12-10 Michael Thomas Hendrick Utilizations and Applications of Near Field Communications in Mobile Device Management and Security
US9665525B2 (en) 2014-06-09 2017-05-30 High Sec Labs Ltd. Multi-host docking device
EP2958047A1 (en) 2014-06-17 2015-12-23 High Sec Labs Ltd. Usb security gateway
US10855470B2 (en) 2014-06-17 2020-12-01 High Sec Labs Ltd. USB security gateway
EP3040902A1 (en) 2015-01-02 2016-07-06 High Sec Labs Ltd. Usb security device and method
US10915484B2 (en) * 2017-02-24 2021-02-09 Digital 14 Llc Peripheral disconnection switch system and method
US10922246B1 (en) 2020-07-13 2021-02-16 High Sec Labs Ltd. System and method of polychromatic identification for a KVM switch
US11334173B2 (en) 2020-07-13 2022-05-17 High Sec Labs Ltd. System and method of polychromatic identification for a KVM switch
US20220329688A1 (en) * 2021-04-07 2022-10-13 High Sec Labs Ltd. Mutual disabling unit for multiple phones
US11606460B2 (en) * 2021-04-07 2023-03-14 High Sec Labs Ltd. Mutual disabling unit for multiple phones

Also Published As

Publication number Publication date
EP2685387A3 (en) 2014-07-23
EP2685387A2 (en) 2014-01-15
CA2820981C (en) 2022-10-11
EP2685387B1 (en) 2019-09-11
US8922372B2 (en) 2014-12-30
CA2820981A1 (en) 2014-01-13

Legal Events

Date Code Title Description
AS Assignment

Owner name: HIGH SEC LABS LTD, ISRAEL

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SOFFER, AVIV;REEL/FRAME:033739/0625

Effective date: 20120718

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551)

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 8